GDPR – 10 things B2B Marketers need to know

Kevin Savage

24 October 2018

Kevin Savage

What resources do you use to explain, to those worried about GDPR, about the continuing opportunities for B2B direct marketing in the UK and the EU?

Over the past year or more, you’ve probably read numerous blogs, articles, white papers and opinions, all purporting to shine a light on the General Data Protection Regulations (GDPR), explaining, interpreting and simplifying it for readers.

However, far from achieving these worthy aims, many of them have been inaccurate, incomplete, sometimes incomprehensible, and rarely written with any obvious authority.

What is needed is a resource for B2B marketers, a collection of essential quotes, interpretations, explanations and opinions from those organizations and individuals that do have authority – the information commissioners themselves, their organizations and a select few others – all linked back to the original source.

Here are some of my favorites. What are yours?

Legal Basis for Processing
First up is whether to use legitimate interest or consent as our legal basis for processing personal data:

1. All legal grounds are equal and the decision to select either consent or legitimate interests for marketing activity should be made on what is best for your customers and your organisation, so long as your intentions remain transparent.

2. Consent can give people genuine choice but is only required when no other lawful basis exists or when PECR requires it. Legitimate interests is an equally valid ground for marketing activity and provides marketers with more flexibility to connect with customers.

Source: Direct Marketing Association (DMA) with an Introduction by Elizabeth Denham, UK Information Commissioner, ICO – pdf


Legitimate Interests
So if legitimate interests and consent are equally valid, when can we use legitimate interest:

3. Are there cases when legitimate interests is likely to apply?
The GDPR highlights some processing activities where the legitimate interests basis is likely to apply:
 – direct marketing

4. Can we use legitimate interests for our business to business contacts?
Yes, it is likely that much of this type of processing will be lawful on the basis of legitimate interests

Source: Information Commissioners Office, Guide to the General Data Protection Regulation


5. When can I not send electronic mail to Business Contacts (Customers and non Customers)?
You may not use electronic mail to send a marketing message to a business contact address/number if the subscriber has notified you that they do not consent to the receipt of such communications (opted out).

Opt-out means that you can market an individual provided you have previously given them the option not to receive such marketing and they have not availed of this option.

Source: Data Protection Commission (Ireland)


And for those that think Consent is a safer option:

6. “I did not appreciate the tsunami of legalistic notices landing on the account of millions of users, written in an obscure language,and many of them were entirely useless, and in a borderline even with spamming, to ask for unnecessary agreements with a new privacy policy, which, in a few cases, appear to be in full breach of the GDPR — not only in terms of spirit.”

Source: Giovanni Buttarelli, European Data Protection Supervisor, EDPS (EU’s independent data protection authority, as quoted on TechCrunch)


Which brings us on to the sensitive topic of fines:

7. “You will know by now that I prefer the carrot. Education, engagement, encouragement all come before enforcement.
Source: Elizabeth Denham, Information Commisioner, ICO

8. “I have said many times that we are a pragmatic regulator and that hefty fines will be reserved for those who wilfully or persistently flout the law. The more serious, high-impact, deliberate, wilful or repeated breaches can expect the most robust response”

Source: Elizabeth Denham, Information Commisioner, ICO


Third Party Data
What about sourcing data from third parties:

9. Can data received from a third party be used for marketing?

Before acquiring a contact list or a database with contact details of individuals from another organisation, that organisation must be able to demonstrate that the data was obtained in compliance with the General Data Protection Regulation and that it may use it for advertising purposes …. Such lists are processed on grounds of legitimate interests and individuals will have a right to object to such processing.

Source: European Commission


GDPR Full Text
Last but not least, the full text of the GDPR itself (in English) – it can be helpful to refer to for fact checking.

10. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Source: EUR-Lex (Access to European Law)

Struggling to make sense of EU privacy legislation? | Michael R Levy from GZConsulting summarises your B2B marketing options

Kevin Savage

27 June 2018

Kevin Savage

Boston, USA – based marketing and competitive research consultant, Michael Levy, is an expert business intelligence products and solutions commentator.

He joined Rhetorik’s latest GDPR webinar presented by Rhetorik’s CRO, Kevin Savage and DPO & Research Director, Samantha Magee, to help make sense of the latest EU data privacy laws.

Michael summarises your B2B marketing options in his latest GZConsulting blog posts

“Rhetorik: What Does GDPR Mean for B2B Marketing?”

Michael reports on the GDPR session in three parts:

III – GDPR Legitimate Interest and statuses across major European countries

II – UK PECR law and additional details on Legitimate Interest

I – GDPR and Legitimate Interest

If you have any GDPR questions, please do get in contact via the Contact Us page.

B2B Marketing in Europe: is GDPR compliance all you need?

Kevin Savage

18 April 2018

Kevin Savage

“DP-Day will merely mark the end of the beginning of a very long journey for the data protection community.”

May 25th 2018 is looming large in the eyes of many B2B marketers wishing to promote their wares in the EU. But as UK Information Commissioner Elizabeth Denham said in her speech to the IAAP recently, this is only the beginning.

And while the General Data Protection Regulation (GDPR) is garnering all the headlines at the moment, B2B marketers must continue to pay attention to a whole raft of national data privacy laws, such as:

Over time, these will be largely replaced by the EU’s ePrivacy v.2 legislation, but in the meantime national legislation continues to apply.

Rhetorik, in collaboration with its European EMIG partners, have published a white paper covering these regulations in some detail, and what they mean for B2B marketers. If you would like a copy of the white paper, please request it via our Contact form.

Looking at Germany as an example of some of the complexities involved, the Thomson Reuters Practical Law site has this to say:

“In line with the E-Privacy Directive (Directive 2002/58/EC), email marketing and advertising generally require the customer’s prior express consent under the German Act against Unfair Trade Practices.”

In addition, the German Federal Court of Justice has expressly stated that assumed consent does not satisfy the requirements for email marketing.”

There are some instances where email marketing without express consent is allowed, but essentially what every German marketer knows is that specific opt-in consent is required for B2B email marketing.

ePrivacy and B2B marketing – why you should be planning ahead

Kevin Savage

6 December 2017

Kevin Savage

Almost everybody involved in marketing will have heard about GDPR – the European Union’s new data protection rules that all companies will have to follow. However, there is another new set of regulations around privacy that will also impact B2B marketing.

This new set of regulation, dubbed ePrivacy version 2, follows on from the Privacy and Electronic Communications Regulations introduced in 2003 in the UK. PECR provides rules on how individuals’ data should be used when sending marketing communications, sending messages on electronic services and for storing website cookies.

The ePrivacy v2 is designed to complement GDPR. The updated draft of the regulation was published earlier in 2017, but the final text is still being discussed and heavily lobbied. While the EU team behind ePrivacy is anxious to get this finalised and launched alongside GDPR in May 2018, in reality it seems unlikely the legislation will be ready.

For B2B marketers, there are some changes that may affect their plans around data, and some important issues to bear in mind. These are:

  • Marketers can use the data they have gathered today and any data they acquire – however, they will have to work on defining consent requirements related to the use in the future.
  • Getting high quality up-to-date data will help marketers improve their processes in obtaining opt-in and consent for their lead generation activities and also make compliance easier over time.
  • Concentrating on customers who are most likely to be interested in conversations around their needs will help – this is another reason for choosing a reputed data provider in the first place.

Marketeers will need to prepare in order to comply with the e-privacy regulation, especially in relation to communication with existing customers.

The draft regulation has been presented to the European Parliament and Commission and its currently in review with the European Council.

As by conversation between Andreas Splittgerber and Sven Schonhofen of Reed Smith it seems that a further twelve month grace period might be given to comply once regulation comes into effect.

For marketers thinking about their data strategy, Rhetorik can share its own journey towards compliance around B2B data.

To get your data journey started, contact us on 0118 989 8580.